Good disassemble/debugging program?

[netrom]

Hi all!

I want to

 

[DutchDaemon]

... finish a sentence?

 

[netrom]

Sorry for that^ Accidentally pressed submit.

But anyway, I'm looking for a good program for doing reverse engineering in. At some point in my past I used OllyDBG in Windows which, I think, is pretty darn good. But I can't find any similar application for *nix. I know dbg, ddd etc. But they they're not as "nice".

So any alternatives?

Thanks!

 

[graudeejs]

Truth is, there are none (nice. With nice i think something like IDA Pro, Turbo debugger, ollydbg, Immunity Debugger, SoftIce)

for linux there's at least Ida Pro (cli version)

you can disassemble with ht [editors/hteditor] (a bit), but you can't do nothing serious.

btw FreeBSD/Linux is open source, so you don't need to disassemble


However there is this project:
http://rr0d.droids-corp.org/


If you find anything interesting plz let me know,
I'm very interested in reverse engineering

 

[ephemera]

objdump, readelf, nm, gdb from the base system.

http://en.wikipedia.org/wiki/GNU_Binutils

 

[SirDice]

btw FreeBSD/Linux is open source, so you don't need to disassemble

While true you can use your fbsd/linux box to disassemble/analyze/reverse engineer windows executables.

 

[drhowarddrfine]

fwiw, I had started to work on porting ollydbg to FreeBSD a couple years ago. Life got in the way but one of these days, Alice....one of these days.

 

[netrom]

However there is this project:
http://rr0d.droids-corp.org/

Thanks for the link. I downloaded it and compiled it but when I kldloaded it the system panicked and restarted. I could begin to determine why but I'm more in the mood for some learning.. Hehe.

But as ephemera pointed out, I'm gonna go for gdb etc. first to get the hang of all the basics. It doesn't really matter if that's not imprinted into the brain anyway.

Oh, and drhowarddrfine please do soon! :e

 

[graudeejs]

btw, here are some free for personal use tools for windows

IDA Pro FreeWare 4.9
http://www.hex-rays.com/idapro/idadownfreeware.htm
Ida is the best disassembler know to me in this galaxy

Immunity debugger
http://www.immunityinc.com/products-immdbg.shtml
seams pretty good


Open Source Hex editor:
ht editor
http://hte.sourceforge.net/
in ports it's editors/hteditor
i like this editor because it doesn't have cli problems like giew

 

[drhowarddrfine]

Let's not forget ald. I don't think the guy has updated it in years but I was using it a couple years ago when I was writing some assembly.

 

[netrom]

Open Source Hex editor:
ht editor
http://hte.sourceforge.net/
in ports it's editors/hteditor
i like this editor because it doesn't have cli problems like giew

I have been using hte the last few days and I think it's pretty good at what i does. Also the built-in assembling features are nice.

But I was thinking.. If you want to reverse engineer a binary with no debugging symbols and so on. Then gdb and the like are not very easy to use because the names are not readable. And you can't look at the source code either. How then does one step through a program to understand what it does?

So you can get some info by using objdump but still..

 

[SirDice]

But I was thinking.. If you want to reverse engineer a binary with no debugging symbols and so on. Then gdb and the like are not very easy to use because the names are not readable. And you can't look at the source code either. How then does one step through a program to understand what it does?

Using a lot of blood, sweat and tears

 

[graudeejs]

Using a lot of blood, sweat and tears

and IDA Pro


Ida pro is great thing....
AND latest version have build in debugger, AND a feature (plugin probably) to convert asm code back to C code (if i recall correctly it was named Hex-rays decompiler)

http://www.hex-rays.com/decompiler.shtml


Good book on subject is:
Hackers disassembling uncovered by Kriss Kaspersky
http://www.amazon.com/Hacker-Disassembling-Uncovered-Techniques-Programming/dp/1931769222

only thing it heavily relies on Soft-Ice and unfortunately this peace of great software is dead.
http://en.wikipedia.org/wiki/SoftICE

 

[SirDice]

and IDA Pro

Ida pro is great thing....
AND latest version have build in debugger,

Very true indeed. The full version is quite expensive though

Good book on subject is:
Hackers disassembling uncovered by Kriss Kaspersky
http://www.amazon.com/Hacker-Disassembling-Uncovered-Techniques-Programming/dp/1931769222

A very good book on the subject but it mostly focuses on how to get at passwords and/or serials in code and how to prevent hackers getting them.

only thing it heavily relies on Soft-Ice and unfortunately this peace of great software is dead.
http://en.wikipedia.org/wiki/SoftICE

IIRC it was part of driverstudio and last I tried it worked perfectly on windows XP.

 

[graudeejs]

IIRC it was part of driverstudio and last I tried it worked perfectly on windows XP.

What is IIRC?

 

[SirDice]

Sorry, I've been on the Internet for far too long...

IIRC means "If I Recall Correctly".

http://www.dict.org/bin/Dict?Form=Dict2&Database=*&Query=iirc

 

[graudeejs]

Sorry, I've been on the Internet for far too long...

IIRC means "If I Recall Correctly".

http://www.dict.org/bin/Dict?Form=Dict2&Database=*&Query=iirc

lol, I for some reason thought it was some kind of software, that I haven't heard of. lol


Yes it was part of driverstudio (or something like that) form NuMega

 

[graudeejs]

This is old and forgotten thread, but I wanted to point out
devel/cgdb

I'm starting to like it, at least it seams to be much easier to use than pure gdb for gdb noob like me

mostly because you see source all the time, and don't have to type list.... etc

(Still exploring it)

 

[paradox]

for debugging
user level debugger

EDB debugger http://www.codef00.com/projects.php
screen shot http://www.codef00.com/img/debugger.png

may be some one add it to ports?

 

[graudeejs]

Maybe I'll try after January.... (if I'll find some time)
Currently I don't have time at all

 

[SIFE]

there are some library to dissemble x86 elf file format .